Nuzzo

Legal

Privacy Policy

Last updated: April 19, 2026

Working privacy policy. We'll finalize this before general availability. In short: we don't sell your data, we don't train AI on it, and you can delete it any time.

What we collect

From you (the business owner): email, name, password hash (Argon2id), business name, timezone, billing info (handled by Stripe — we never see full card numbers).

That you tell us about your clients / pets: client names, contact info, addresses (service addresses), pet profiles (name, breed, medical/feeding notes), photos you upload.

Automatically: IP address + user-agent on login (for session security), basic product analytics via PostHog (page views, clicks, retained anonymized).

What we don't do

  • Sell your data to anyone.
  • Train AI models on your data.
  • Show ads inside the product or on report cards sent to clients.
  • Access your data except when you ask for support or for system maintenance that requires it.

Subprocessors

We use the following services to operate Nuzzo. Each is bound by their own privacy commitments and handles only what they need.

  • Stripe — payments, billing
  • Resend — transactional email
  • Twilio — SMS notifications (future)
  • Cloudflare R2 — photo storage
  • Neon — managed Postgres hosting
  • Vercel — application hosting
  • PostHog — product analytics
  • Sentry — error monitoring

How we protect it

  • All traffic over HTTPS. Data at rest encrypted by our hosting providers.
  • Passwords hashed with Argon2id (not bcrypt). Session tokens SHA-256 hashed at rest.
  • Multi-tenant isolation at the data-access layer — your business's data is queried with a scoped client that makes cross-tenant access impossible.
  • CSRF tokens, rate limiting, account lockout on auth.

Your rights

You can export your data at any time from the in-app settings, or email hello@nuzzo.pet. You can delete your account and all associated data at any time — we retain for 60 days in case of accidental deletion, then permanently purge.

GDPR / UK-GDPR / CCPA: we act as the processor of your business data, and you act as the controller for your clients. We'll sign a DPA at /legal/dpa if your jurisdiction requires one.

Cookies

We use strictly necessary cookies (session auth, CSRF). No third-party marketing cookies. PostHog uses a first-party cookie for anonymous session identification.

Contact

Privacy questions: hello@nuzzo.pet.